
Crypto Drainers Go Mainstream: Sold Openly as SaaS Malware at IT Fairs

12d ago

Crypto Drainers Go Mainstream with Drainer-as-a-Service

No longer specialist malware requiring technical expertise, crypto drainers have evolved into slick, user-friendly SaaS platforms being actively marketed—even at IT conferences.

Drainer-as-a-Service Lowers the Barrier to Entry

AMLBot’s April 22 report reveals a game-changer in the crypto threat landscape: drainers now operate on a drainer-as-a-service (DaaS) model. These malware kits are being leased for $100–$300 USDT, enabling nearly anyone to get into crypto theft.

“Scamming no longer requires coding knowledge,” AMLBot CEO Slava Demchuk stated. Tutorials and mentoring are now available in online communities, making it relatively easy to pivot from traditional phishing to crypto.

Bold Criminal Operations Appear at Tech Conferences

A few DaaS operators no longer hide. CryptoGrab is one of the entities that have stands at information technology exhibitions. Demchuk attributes this brazenness to lax cybercrime prosecution in areas like Russia.

“Hacking is practically legal if it doesn’t target local citizens,” he said. Russian law enforcement tends to leave such players alone as long as they don’t target the post-Soviet area.

A Safe Harbor in Russia for Cybercriminal Innovation

KrebsOnSecurity and Cisco have already reported on how malware like ransomware and info stealers avoids targeting Russia-based systems. Geolocation checks and Cyrillic keyboard detection are standard practices to stay under Russian law enforcement’s radar.

This permissiveness has allowed DaaS to flourish, with operations promoting themselves quite openly in Russian-language developer communities.

Telegram and the Deep Web Facilitate Growth

The majority of DaaS activity occurs within Telegram groups, clearnet forums, and deep web spaces. Telegram’s once hands-off policy made it a popular platform, though recent policy changes have pushed some players back towards Tor-based forums.

Advertisements for drainer developers regularly appear in open Telegram chats, according to AMLBot’s OSINT researcher. Although the advertisements are removed quickly by administrators, those who are interested are already engaged.

Drainer Threat Growing Year on Year

Scam Sniffer estimates that drainers stole $494 million in 2024, a 67% growth compared to 2023. Meanwhile, Kaspersky documented a growth of online drainer infrastructure from 55 in 2022 to 129 in 2024.

As the DaaS model matures, analysts warn that growing numbers of non-technical actors will enter the crypto crime space, expanding the risk to investors and platforms alike.
